Over 60% of Enterprises Fail to Build Effective Cloud Security

Well over half of organisations are failing to protect their data, saying that their cybersecurity methods aren’t maintaining their changes and up-grades that cloud security requires according to Symantec.

The security giant polled 1250 IT decision-makers in 11 countries worldwide to compile its 2019 Cloud Security Threat Report.  It revealed that while 63% of enterprise workloads have now been migrated to the cloud, a similar percentage of organisations are struggling to keep pace with the expansion of cloud apps.

Most (93%) said they are having trouble keeping track of workloads and estimated that more than a third of files in the cloud shouldn’t be there. Some 83% claimed they don’t have the right processes in place to effectively manage security incidents, meaning a quarter of alerts go unaddressed.

Nearly three-quarters (73%) said they’ve experienced an incident because their cloud security isn’t mature enough, i.e. they lack controls like encryption and multi-factor authentication (MFA) and are poorly configured. Some 65% of organisations failed to implement MFA in IaaS environments and 80% don’t use encryption, according to Symantec’s Report.

As a result, they face an increased risk of insider threats, ranked by respondents as the third biggest threat to cloud infrastructure.

Sixty-nine percent of survey respondents think their data is likely already on the dark web for sale.

Nico Popp, Symantec’s senior vice-president of cloud & information protection, explained that 69% of responding organisations believe their data is already on the dark web for sale and fear an increased risk of data breaches because of their cloud migration.

“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realise, given the troves of sensitive and business-critical data stored in the cloud,” he added.

“Data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them. However, it’s not the underlying cloud technology that has exacerbated the data breach problem, it’s the immature security practices, overtaxed IT staff and risky end-user behavior surrounding cloud adoption.”

Symantec:            Infosecurity

You Might Also Read: 

Is The Cloud Skills Gap A Problem?:

 

 

« Cyberwar Between Nation-States Damages Business
Pakistan Clashes With India In Cyberspace »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

CSIRT-CY

CSIRT-CY

CSIRT-CY is the National Computer Security Incident Response Team for Cyprus.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

Cylab - Carnegie Mellon University

Cylab - Carnegie Mellon University

Carnegie Mellon University CyLab is the University's security and privacy research institute.

Singularico

Singularico

Singularico help secure your software using the power of AI.

CI-ISAC Australia

CI-ISAC Australia

CI-ISAC has been designed to support and promote existing legislation and Government initiatives that are working to uplift cyber resilience across critical infrastructure sectors.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.